REDLEGG BLOG

Emergency Vulnerability Bulletin - 01/03/23

1/3/23 12:03 PM  |  by RedLegg Blog

About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.

RedLegg will include a brief description of the vulnerability, whether or not an active exploit or POC exists, and a link to an update, if one exists. If no update exists, there will be remediation or mitigation suggestions to limit each vulnerability's risk.

VULNERABILITIES

Synology VPN Plus Server Out-of-Bounds Write Vulnerability

Identifier: CVE-2022-43931
Exploit or POC: No
Update: https://www.synology.com/en-af/security/advisory/Synology_SA_22_26

Description: CVE-2022-43931 is an out-of-bounds write vulnerability in the Remote Desktop Functionality of Synology VPN Plus Server. Successful exploitation would allow a remote attacker to execute arbitrary commands via unspecified attack vectors.

Mitigation recommendation: Patching is currently the only method of mitigation.
RedLegg Action: None at this time.

 

 
